Recent reports from the US department of homeland security and cybersecurity service providers reveal that Chinese criminal organisations have earned more than US$1bn (billion) through a wave of sophisticated text message scams — a scheme that serves as a global warning, including for India. The operation has become so well-established that criminal groups now sell pre-packaged hardware kits on Telegram to carry out these cybercrimes, according to a report from The Wall Street Journal (WSJ).
How the Scam Works
These operations are a high-tech version of smishing (SMS phishing). Fraudsters send fake messages that appear to come from trusted agencies—such as highway authorities or postal services—warning recipients about unpaid tolls or delivery charges.
1. Mass Messaging via SIM Farms
The gangs use subscriber identity module (SIM) farms—rooms filled with networking devices and SIM cards—to send hundreds of thousands of scam messages every day. These operations can be run remotely, often from overseas, using cheap local SIMs and automation tools. “One person in a room with a SIM farm can send out the number of text messages that 1,000 phone numbers could send,” says Adam Parks, assistant special agent in charge at homeland security investigations, in an interview with WSJ.
2. Fake Websites and Data Theft
Victims who click on the links in these messages are directed to counterfeit government or courier websites designed to steal sensitive details such as credit card numbers, passwords, and one-time passwords (OTPs).
3. Money Mules and Digital Wallets
The stolen information is then uploaded to Google Pay and Apple Wallets in Asia. The gangs recruit gig workers in the US through apps like WeChat and Telegram to use these virtual cards for in-store purchases of high-value goods — including iPhones, laptops, luxury cosmetics, and especially gift cards.
4. Profit Laundering
These goods are then shipped to China and sold for profit. The proceeds, often converted into cryptocurrency, are funnelled back to the criminal organisations through a network of intermediaries.
Homeland security officials estimate that around 330,000 scam messages related to fake toll payments were detected on a single day in September 2025 — three times higher than the daily average recorded a year earlier.
Why This Matters for India
While this billion-dollar smishing racket has mainly targeted Americans, the same playbook can be easily adapted to Indian conditions. India’s growing digital payment ecosystem—with widespread use of UPI, mobile wallets, and online toll systems like FASTag—makes it a potential hotspot for similar large-scale scams.
Already, Indian users often report receiving text messages and WhatsApp forwards that appear to be from FASTag operators, courier companies, or even government authorities and law enforcement agencies (LEAs) such as the police. These messages usually demand small payments or ask for verification updates. Many of them contain malicious links that closely resemble official websites, designed to steal banking credentials or install spyware on mobile devices.
As seen in the US, cybercriminals in India are already using Telegram or WhatsApp to recruit bank mules. In the case of the illegal offshore betting platform 1xBet, the directorate of enforcement (ED) traced a money laundering trail exceeding Rs1,000 crore. The agency found that over 6,000 so-called 'mule' bank accounts were used to collect money from Indian bettors, which was then channelled through numerous payment gateways and intermediaries.
Given the shortage of human resources, particularly cybersecurity experts in LEAs, cybercriminals may soon combine SIM farms and digital wallet fraud to steal money from India and launder it abroad. India’s vast network of gig workers and delivery agents could also be unknowingly drawn into these operations, making it easier for such scams to scale quickly.
Tech Behind the Crime
A SIM farm is a relatively cheap but powerful setup: a rack of modems linked to dozens or hundreds of SIM cards. Software automatically rotates phone numbers and sends personalised scam messages in bulk while helping the operators evade detection by telecom firms. These farms can run almost anywhere — from small offices to vehicles — and can switch between networks in minutes.
When victims enter their details on fake websites, criminals exploit how mobile payment systems treat device trust. Once a card is added to a mobile wallet and verified, banks often trust that device and do not prompt for additional checks. Cybercriminals exploit this loophole to bypass multi-factor authentication (MFA) and drain victims’ accounts.
Scale and Sophistication
The US operation uses hundreds of money mules who are paid only a few cents per transaction to buy gift cards and resell goods. Investigators told WSJ that Chinese groups have industrialised the fraud business by combining old-fashioned phishing with modern fintech tools.
Cybersecurity analysts warn that the same infrastructure — SIM farms, smishing kits and Telegram-based mule recruitment — is already advertised on dark-web markets and can be accessed from anywhere, including India.
Stay Safe – What You Should Do
Whether you are in India or abroad, the basic principles of online safety remain the same:
• Never click on links in unsolicited messages claiming to be about tolls, deliveries, or refunds — even if they appear urgent.
• Do not share your banking, card, or Aadhaar details through links sent via SMS, WhatsApp, or Telegram.
• Use only official apps and verified portals such as those ending with ‘.gov.in’ or ‘.india.gov.in’ domains. Also note that the Reserve Bank of India (RBI) has mandated all banks to move their official websites to the ‘.bank.in’ (dot bank dot in) domain to strengthen cybersecurity, protect customers from phishing scams, and enhance trust in digital banking. Under this rule, only RBI-regulated banks are permitted to register and use the ‘.bank.in’ domain.
• Keep your mobile and antivirus software updated. Real-time protection helps detect malicious links and fake websites.
• Report scam messages to your mobile service provider or through official government portals such as cybercrime.gov.in.
• Educate family members, especially senior citizens, who are often targeted with fake toll or courier payment messages.
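The domain advice above only works if the check is made on the end of the hostname, not on whether an official-looking string appears somewhere in the link. The following Python check is an added example, not part of the original article; the sample links are constructed, and `examplebank` and `pay-toll.example` are placeholder names.

```python
from urllib.parse import urlsplit

# Suffixes named in the article; every other host is treated as unofficial.
OFFICIAL_SUFFIXES = ("gov.in", "bank.in")

def official_host(url):
    """Return the hostname if it sits under an official suffix, else None."""
    url = url.strip()
    if "://" not in url:              # links in SMS text often omit the scheme
        url = "https://" + url
    try:
        host = urlsplit(url).hostname  # drops scheme, userinfo, port and path
    except ValueError:                 # malformed link
        return None
    if not host:
        return None
    host = host.rstrip(".").lower()
    # Non-ASCII or punycode labels can imitate official names: reject, don't guess.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return None
    for suffix in OFFICIAL_SUFFIXES:
        # Match on a label boundary so "fastag-gov.in" and
        # "gov.in.pay-toll.example" do not pass.
        if host.endswith("." + suffix):
            return host
    return None

# Constructed sample links showing the usual lookalike patterns.
SAMPLES = [
    "https://cybercrime.gov.in/",                      # official portal
    "examplebank.bank.in/netbanking",                  # official suffix, no scheme
    "http://fastag.gov.in.pay-toll.example/verify",    # suffix buried mid-hostname
    "https://www.gov.in@pay-toll.example/login",       # official name as userinfo
    "https://fastag-gov.in/pay",                       # hyphen instead of a dot
    "https://xn--fastag-abc.gov.in/",                  # punycode label
]

def screen(urls):
    """Map each link to its verdict: the official hostname, or None."""
    return {u: official_host(u) for u in urls}

if __name__ == "__main__":
    for link, verdict in screen(SAMPLES).items():
        print("OFFICIAL  " if verdict else "UNOFFICIAL", link)
```

A passing result only means the hostname is under one of the listed suffixes; it does not replace using the official app or typing the address directly.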
What began as a US-focused billion-dollar smishing operation now serves as a clear warning: large-scale text scams are no longer amateur efforts. With cross-border coordination, cryptocurrency laundering, and misuse of digital wallets, cybercriminals are evolving faster than law enforcement can track them.
For Indian users—amid the rapid growth of UPI, FASTag, and online delivery services—vigilance remains the first and strongest line of defence.
The rule is simple: ignore, delete, and report any message that asks for payment or verification through unofficial links.
Stay Alert, Stay Safe!
How to Report Cyber Fraud?
Do report cybercrimes to the national cybercrime reporting portal http://cybercrime.gov.in or call the toll-free national helpline number, 1930. To follow on social media: Twitter (@Cyberdost), Facebook (CyberDostI4C), Instagram (cyberdostl4C), Telegram (cyberdosti4c).
If the fraud is related to your bank account, you should immediately send an email to the official email address of your branch (which can be found on the bank's website or in your passbook) with a copy to the bank's customer care. Even if you have called the official customer care number, you must still send an email describing your conversation with the bank executive, including the time, date, and duration of the call. This will be helpful if you face a liability issue with the bank.